The reality is, computers are good at some things, humans are good at others (Remember how much effort it took google to identify cats in youtube thumbnails? Something any four year old can do?). Computers are good at sifting through large amounts of data. Great. Humans are good at detecting fraud. Combining them is best.
Peter Thiel writes about how fatal machine learning for fraud detection in his book, "Zero to One".
At Paypal, Max Levchin assembled an elite team of mathematicians to study the fraudulent transfers in detail. Then we took what we learned and wrote software to automatically identify and cancel bogus transactions in real time. But it quickly became clear that this approach wouldn't would either. After an hour or two, the thieves would catch on and change their tactics. We were dealing with an adaptive enemy and our software couldn't adapt in response.
The fraudsters adaptive evasions fooled our automatic detection algorithms, but we found that they didn't fool our human analysts as easily. So max and his engineers rewrote the software to take a hybrid approach: the computer would flag the most suspicious transactions on a well designed user interface, and human operators would make the final judgment as to their legitimacy.
> computers are good at some things, humans are good at others
"You insist that there is something a machine cannot do. If you will tell me precisely what it is that a machine cannot do, then I can always make a machine that will do just that!"
-- J. von Neumann
Computers will continue to get better at human things as we continue to get better at understanding how human things work. Look at the recent advances in deep learning. This is using only the most crude approximation of human neurons we can identify and caption images with astounding results. Google currently claims that anything that can be done in 0.1 of a second by a human, they can do as well.
Fraud detection relies heavily on unsupervised learning, and for all of history up until the last few years state of the art unsupervised learning was usually SVD + clustering or some variation on that. The current state of the art, things like deep belief networks, are able to achieve markedly superior results.
Additionally this article seems to imply that they are collected labeled data from customers which should help tremendously in modeling fraud. If even if the labels are a small sample recent advances in semi-supervised learning using deep neural nets is even greater than the advances in unsupervised learning.
While I don't disagree that historically it has been wise to include a human element in fraud detection, I don't believe there is any reason to assume that trend will continue indefinitely into the future.
Sorry about this, but i think there are some big flaws in your comment.
> You insist that there is something a machine cannot do. If you will tell me precisely what it is that a machine cannot do, then I can always make a machine that will do just that!
-
Know anything about the Halting problem & NP-Hard? There are things that computers will never-ever be able to perform, even if we go quantum.
> Computers will continue to get better at human things as we continue to get better at understanding how human things work
Your argument is the basic concept of symbolism, and deep learning is one of the multiple connectionism types of learning, a whole different world in ML.
> Fraud detection relies heavily on unsupervised learning
No, i have been working in Fraud and no, it is supervised with lot of manual feedback.
> unsupervised learning was usually SVD + clustering or some variation on that. The current state of the art, things like deep belief networks, are able to achieve markedly superior results.
Sorry, No Free Lunch for learning algorithms...
> historically it has been wise to include a human element in fraud detection, I don't believe there is any reason to assume that trend will continue indefinitely into the future.
> Google currently claims that anything that can be done in 0.1 of a second by a human, they can do as well.
Okay, on a moonless night, overcast, with no lights,
a lot of fog, 200 yards away is .... Bingo, a
pretty girl, 5' 4", 34, 19, 34, blond, really sweet,
wants to be great as a wife and mommy,
about 18! Yup, been doing that for years! Try
that Google! My advantage: I have a dedicated,
autonomous, peripheral processor just for that
task!
I suffered from Amex's fraud detection algorithm recently when trying to book a discount airfare. There was 1 ticket left, I tried paying for it, and Amex blocked the charge, and by the time I tried it again (90 seconds or so), the ticket was gone.
I was on call with many service reps, and no one was able to cover the differential between the cheapest new flight and the discount fare that I missed due to the 'false positive' fraud block.
Why should the customer suffer penalties for false positives? Considering that fraudulent charges themselves do not accrue liability for the customer, why should false positives do so?
It seems worse than that. Now there will be 2 layers of possible false positives - your card and your merchant's payment processor. I can understand a merchant opting in to a sift science like service, but having it built into the processor seems like a bad idea.
Stripe has no relationship with the end user, and should not. A legitimate buyer can't possibly be expected to call into Stripe to verify a transaction before or after a purchase attempt like they could to their own credit card or bank.
(I work at Stripe) Buyers won't have to contact Stripe directly, just as they would not contact a third-party fraud detection service directly. They'll contact businesses, who can use the dashboard or API to mark the charge as safe and retry it without Stripe intervening. In our experience, card networks don't catch much fraud, and not all businesses have the time or resources to integrate a third-party solution—we don’t want them to be unprotected.
And, to be clear, the fact that Stripe is doing fraud protection isn't new—we've always blocked some fraudulent payments, as does every other major payment company. What we're launching is a much better system and, especially, one that businesses using Stripe can train so that there are fewer false positives over time.
Sure they can. A low false positive rate is almost a given. Low false positive rates are acceptable everywhere else, even in medicine, and when the "cost" is a minor inconvenience for perhaps millions in time/energy saved, its an acceptable business choice, even for me as a consumer.
(You note that Stripe has no business with the consumer. Well, then, this doesn't affect your relationship with Stripe, because there is none. It affects your relationship with your card's fraud prevention, which has and will always be there...)
I don't mind the false positive. It's just that people should be compensated for it, especially if the rate is low. It's just good business sense. If the bank can eat up actual fraud charges, why should it not eat false positives?
For online transactions, least in my business, it's not the banks that eat the fraud charges it's the business. If someone uses your card to purchases services, and then later there is a charge back due to you reporting fraud, my business would lose the money that was paid from the card and would be fined $25 dollars. So for example say someone signed up for a VoIP service, made a bunch of calls through that service that were charged. You later check your credit card, see some fraudulent charges and then do a charge back. Well the bank/credit card company gets the money from the VoIP service and fines them.
It would probably be abused all the time and the claims would be for larger amounts than the difference between two similar plane tickets. There would be people claiming they had to buy a car for $2,000 more just because they missed some kind of window where the price was cheaper (even though that doesn't make sense). I don't think any bank would open themselves up to that kind of liability. Even if they would, I think they'd cap it to a low amount that was close to the cost of eating chargebacks.
That sucks. I had a somewhat similar experience trying to buy about $2k of stuff in person in a shop I hadn't been to before, Amex blocked it and I instantly got a ping on my iPhone app. The process to unblock it was stupid - I had to call in - but I think they're making headway. It would be nice if you could just TouchID a "yes, please authorize this transaction".
Yes if the transaction was 'on hold' it may have been fine. The problem occurred because the transaction went thru on the sales page, but was then blocked by Amex before the airline could send a confirmation, and then there was no confirmation as the payment had not been approved.
So, infact, if the card was refused AT the submission form, the website would've held onto the ticket, and waited for re-submission.
I ditched Wells Fargo after getting lots of repeated calls at anytime of the day or night to verify the last transactions on my account. Based on the same transactions, they could figure out my most recent location and develop something that's a little more careful about the time/day of the week this automated calls were placed.
The weird part was that I was booking the flight sitting at home from my personal laptop. In short, my modal usage of the credit card for online shopping.
I had a chance to talk to a fraud detection statistician at a large tech company. One major area of fraud is in very small scale fraud for minute transactions that fly under the radar. A lot of traditional machine learning and statistical techniques don't seem to work well for that. There is a lot of digging through literature to find statistical and signal detection methods to identify this sort of fraud.
This seems similar to what PayPal was doing in 2002. Its possible or even likely that PayPal's techniques have become stale over time, but they were doing some very advanced fraud detection in their time[1][2].
A really interesting book that detailed how the development of PayPals anti-fraud system came about (among other things) is Founders at Work[3].
As far as I know, PayPal never had the part of this that I'm most excited about -- straightforward UI and APIs for training the models over time. (Both so that they can be globally better and also better-adapted to each specific business.)
Exactly. The lack of transparency and developer openness was a huge problem for some of us. I really enjoy the steps forward Stripe makes in that regard across all facets of the business, to say nothing of the other reasons which I will stick with Stripe for a long time.
Visa is on the receiving end of chargeback fees, they have no interest in fraud detection.
For example, it's still not possible to report clearly compromised cards to the issuing bank, Visa has no provisions for that. Pretty much tells you all you want to know about their stance on the card fraud.
I would not say they have no interest I would say these are two different cases. If I'm out and about and my card gets declined , I'm going to be extremely upset. At home on a computer if it gets declined .. eh I use another one. Also I think its up to the issuing bank as well. I know if I'm going out of the country I have to notify the issuing bank of the credit card I intend on using.
Peter Thiel writes about how fatal machine learning for fraud detection in his book, "Zero to One".
At Paypal, Max Levchin assembled an elite team of mathematicians to study the fraudulent transfers in detail. Then we took what we learned and wrote software to automatically identify and cancel bogus transactions in real time. But it quickly became clear that this approach wouldn't would either. After an hour or two, the thieves would catch on and change their tactics. We were dealing with an adaptive enemy and our software couldn't adapt in response.
The fraudsters adaptive evasions fooled our automatic detection algorithms, but we found that they didn't fool our human analysts as easily. So max and his engineers rewrote the software to take a hybrid approach: the computer would flag the most suspicious transactions on a well designed user interface, and human operators would make the final judgment as to their legitimacy.